- The browser remembers the user's authentication, so they don't need to log in repeatedly
- Users cannot modify the session data to impersonate other users
- Sessions can be invalidated on the server when necessary
  e.g. in the event of a security breach, account compromise, or a change in account credentials
- Sessions should expire after a reasonable time period
- Users should be able to terminate their own sessions
- Session data should be protected from eavesdropping
- Users should be able to maintain multiple active sessions
  e.g. mobile, desktop
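
One way to satisfy these requirements together, as an added example that is not code from this repository: a server-side store keyed by opaque random tokens. The names `SessionStore` and `cookie_header`, the `sid` cookie name, the 30-minute lifetime and the in-memory dictionary are all assumptions made for illustration.

```python
import hashlib
import secrets
import time

SESSION_TTL = 30 * 60  # assumed lifetime in seconds; tune per application

class SessionStore:
    """In-memory server-side session store (hypothetical, for illustration)."""

    def __init__(self, ttl=SESSION_TTL, clock=time.time):
        self.ttl = ttl
        self.clock = clock    # injectable so expiry can be tested
        self._sessions = {}   # sha256(token) -> {"user", "device", "expires"}

    @staticmethod
    def _key(token):
        # Only a hash is stored, so a leaked store does not reveal live tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def create(self, user, device):
        # Opaque 256-bit random token: it carries no data the client could
        # edit to impersonate someone else. One record per device.
        token = secrets.token_urlsafe(32)
        self._sessions[self._key(token)] = {
            "user": user, "device": device, "expires": self.clock() + self.ttl}
        return token

    def lookup(self, token):
        key = self._key(token)
        record = self._sessions.get(key)
        if record is None or self.clock() >= record["expires"]:
            self._sessions.pop(key, None)  # unknown or expired: purge and reject
            return None
        return record["user"]

    def terminate(self, token):
        # The user ends one of their own sessions (logout on a single device).
        return self._sessions.pop(self._key(token), None) is not None

    def revoke_all(self, user):
        # Server-side invalidation after a breach or a credential change.
        stale = [k for k, r in self._sessions.items() if r["user"] == user]
        for k in stale:
            del self._sessions[k]
        return len(stale)

def cookie_header(token, ttl=SESSION_TTL):
    # Secure keeps the cookie off plain HTTP; HttpOnly hides it from scripts.
    return (f"Set-Cookie: sid={token}; Max-Age={ttl}; Path=/; "
            "Secure; HttpOnly; SameSite=Lax")
```
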
pasanjaya/secure-session